
Ransomware hackers discover a way around Microsoft Defender

Windows users should consider strengthening their antivirus software. While Microsoft Defender is supposed to provide several lines of defense against ransomware, a new report says hackers have found a workaround that lets ransomware tools infect PCs.

The GuidePoint Security report (via BleepingComputer) found that hackers using Akira ransomware are leveraging a legitimate PC driver to load a second, malicious driver that shuts down Windows Defender, allowing all sorts of monkey business.


The legitimate driver used here is called “rwdrv.sys”, which is used by tuning software for Intel CPUs. Hackers abuse it to install “HLPDRV.SYS”, another driver that they then use to get around Defender and start doing whatever they want to do.
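A defender-side sketch of hunting for the driver pair described above in driver-load telemetry, added here as an example and not taken from the article or from GuidePoint's report; it goes slightly beyond the text by correlating the two loads per host. Only the two driver file names come from the article: the CSV event format, host names, paths, timestamps and the 24-hour window are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta
from ntpath import basename  # splits Windows paths on any OS

# Driver file names as given in the article; compared case-insensitively.
LEGIT_DRIVER = "rwdrv.sys"
SECOND_DRIVER = "hlpdrv.sys"
WINDOW = timedelta(hours=24)  # assumed correlation window
RANK = {"legit-only": 0, "second-driver-only": 1, "chain": 2}

# Constructed driver-load events: timestamp, host, image path.
SAMPLE_EVENTS = """\
2025-01-10T09:00:00,WS-01,C:\\Windows\\System32\\drivers\\tcpip.sys
2025-01-10T09:05:00,WS-02,C:\\ExampleDir\\rwdrv.sys
2025-01-10T09:06:30,WS-02,C:\\ExampleDir\\HLPDRV.SYS
2025-01-10T10:00:00,WS-03,C:\\ExampleTuner\\RwDrv.sys
2025-01-10T11:00:00,WS-04,C:\\ExampleDir\\hlpdrv.sys
"""

def parse_events(text):
    """Yield (time, host, lower-cased driver file name) per CSV row."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) == 3:  # skip blank or malformed rows
            ts, host, path = row
            yield datetime.fromisoformat(ts), host, basename(path).lower()

def correlate(events, window=WINDOW):
    """Return {host: strongest finding}: 'chain' = second driver loaded within
    `window` after rwdrv.sys; otherwise 'second-driver-only' or 'legit-only'."""
    last_legit, findings = {}, {}
    for when, host, name in sorted(events):
        if name == LEGIT_DRIVER:
            last_legit[host] = when
            finding = "legit-only"  # the driver also has legitimate uses
        elif name == SECOND_DRIVER:
            seen = last_legit.get(host)
            in_window = seen is not None and when - seen <= window
            finding = "chain" if in_window else "second-driver-only"
        else:
            continue
        if RANK[finding] > RANK.get(findings.get(host), -1):
            findings[host] = finding
    return findings

if __name__ == "__main__":
    for host, finding in correlate(parse_events(SAMPLE_EVENTS)).items():
        print(host, finding)
```

Because rwdrv.sys ships with legitimate tuning software, a lone load is the weakest signal here; the pair on one host is the one worth triaging first.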


GuidePoint reported that the attack began to be seen in mid-July. It seems that the vulnerability has not been patched, but the more people know about it, the less likely it is, at least in theory, to be used against them.

Also, allow our colleagues at PCMag to recommend some great third-party antivirus software for your Windows PC. For more information on the latest Akira ransomware attacks, including possible defenses, head to GuidePoint Security.
